x0rz @x0rz@mastodon.social

Tweets are automatically forwarded from https://twitter.com/x0rz

Oh no @EmmanuelMacron https://t.co/7usJjbtW3w

Fingerprints actually good RNG https://www.youtube.com/watch?v=iCRy8voU5dE

Glad to see DuckDuckGo and Apple getting along so well! @DuckDuckGo will now use Apple Maps to enhance searches, DDG acting as a proxy without sending any PII to Apple https://spreadprivacy.com/duckduckgo-apple-mapkit-js/ #privacy #duckduckgo #apple https://t.co/4051eDjSK1

Told you, bug bounties are just cheap pentests https://medium.com/@zseano/are-you-submitting-bugs-for-free-when-others-are-being-paid-welcome-to-bugbounties-9e0fdb40a837 #BugBounty

http://Yahoo.com seems popular as well 😬 https://t.co/bCupbdlj3A

To be fair, the US Cyber Command (@USCommandCyber) also uses a Gmail address. Learn from the best, eh ;) https://t.co/o9mOERsPKm

French cyber army Twitter account uses a Gmail address 🤦‍♂️
cc @ComcyberFR @ANSSI_FR https://t.co/W0HkcVfIrD

“If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device,” https://www.forbes.com/sites/thomasbrewster/2019/01/14/feds-cant-force-you-to-unlock-your-iphone-with-finger-or-face-judge-rules/#19201eb642b7 #privacy

"Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output." - this bug is 35 years old! https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt #scp #vulnerability https://t.co/Oqp9DBMKAt

200 million Chinese CVs leaking in an open 854GB MongoDB instance, oof https://blog.hackenproof.com/industry-news/202-million-private-resumes-exposed #OSINT #vulnerability #shodan

Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802 #redteam #windows #crowdstrike

Does that count cyber weapons @BlueHatIL? Just asking for a friend https://t.co/ir0gKdeLMQ

Detecting Drones via Network Traffic Analysis https://arxiv.org/pdf/1901.03535.pdf (PDF) #drone #detection #wifi https://t.co/5qEdoVhm4T

Targeted phishing can steal 2FA codes, that is true. Now TOTP will help against 95% of the shitty cybercrime phishing - that’s not an opinion that’s a fact. It all comes down to the threat model too. For most people it’s way better than nothing IMO.

Not all 2FA are created equal https://t.co/t7N5H1f9sG

Tokyo being cyberpunk AF https://t.co/dqbLaKkPP4

ICYMI, Metasploit 5.0 is out https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/ #pentesting #pentest #tooling

Ongoing DNS A record change for http://ssi.gouv.fr from 213.56.166[.]109 (AS3215 Orange) to 86.65.182[.]109 (AS15557 SFR SA), probably for mitigation or maintenance

French cybersecurity agency (@ANSSI_FR) website is down, ongoing DDoS attack on http://ssi.gouv.fr - apparently linked with #YellowVests according to https://www.challenges.fr/high-tech/gilets-jaunes-l-anssi-et-la-justice-cibles-par-des-hackers_635207 (FR article) https://t.co/RrpsP2ZQEH

Vulnerabilities in systemd-journald (EoP as root) https://www.openwall.com/lists/oss-security/2019/01/09/3 #linux #vulnerability https://t.co/7isIfSIrq1